PHP - How To Check For Malicious Php Code
Can someone advise me how to check for malicious PHP code?
If I download a script from somewhere, how can I make sure it's not malicious? If bad, maybe it could delete files?? Or send spam? Or EVEN 'send home' code - so that they can track your usage - OK if I consent - not OK if haven't consented and they're doing it sneakily! Sending spam has been a problem when installing Joomla plugins Are there specific commands I should watch out for in PHP scripts? Like send mail or something? I'm sure the baddies would be clever and maybe use IP numbers to send out to instead of domain names? Is there a PHP code checker online? Something that tells you what your PHP script does? Simple things: like tell you if it sends out mail or makes contact outside or deletes files This would be great - it would save a lot of time going through hundreds/thousands of lines of code Thanks OM Similar TutorialsI've been surfing the web and reading various articles, and probably have more questions than answers, so any guidance or direction to resources will (hopefully) be useful. I'm trying to connect the dots to more adequately understand the security issues within uploading image files. From its inception, light hits a camera sensor and an image is created. Is it in binary form? ASCII? Other? Now suppose additional code is added to the image. (For this example, let's say it's a simple script that says Hello - which I suppose would STILL be considered malicious). If it's simply placed into the image code, how can I open the image (as the recipient) to see the code in its TEXT form? (I'm assuming that the code would need to be activated either by clicking the script or calling the code in order to actual function) And if the code is hidden or camouflaged by using an alternate character set, how would it be translated from the unnoticeable character set into something more meaningful in order to perform? Edited April 20 by phppupTypos Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code. $sql="select * from Profile where username = '$username'; $result = mysql_query( $sql, $conn ) or die( "ERR: SQL 1" ); if(mysql_num_rows($result)!=0) { process form } else { echo "That username already exist!"; } the current code of the form <?PHP //session_start(); require_once "formvalidator.php"; $show_form=true; if (!isset($_POST['Submit'])) { $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; $_SESSION['check_answer'] = $human_answer; } if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { echo "<p>Error: Answer session not set</p>"; } if($_POST['math'] != $_SESSION['check_answer']) { echo "<p>You did not pass the human check.</p>"; exit(); } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> basically this is a search function <form method="post" action="test1.php"> <input type = "hidden" name="submitted" value ="true" /> <label>TYPE: <select name="field"> <option value = "sid">StudentID</option> <option value = "sname">StudentName</option> </select> </label> <label>WORD: <input type="text" name="searchword" /> </label> <input type="submit" /> </form> ------------- <?php if (isset($_POST['submitted'])){ $con = mysql_connect("localhost","root",""); mysql_select_db("uni", $con); $field= $_POST['field']; $searchword = $_POST['searchword']; $query = "SELECT* FROM student WHERE $field = '$searchword'"; $result = mysqli_query($con,$query) or die ('error data'); //-----------> error line echo"<table>"; echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr><td>"; echo "$row ['sid']"; echo "</td><td>"; echo "$row ['sname']"; echo "</td></tr>"; } echo"</table>"; } mysql_close($con); ?> NB: the error message "Warning: mysqli_query() expects parameter 1 to be mysqli, resource given in C:\wamp\www\test1.php on line 21 error data" I am new to PHP. I developed this class, I wonder if there's anything wrong or that I can improve. I could not test it because I'm in school. Thanks in advance. Code: [Select] <? class user { var $userID, $schoolID, $userName, $userPass, $dbHost, $dbUser, $dbName, $dbPass, $dbUserTable; $dbSchoolTable; function dbInfo() { $this->dbHost = 'localhost'; $this->dbUser = ''; $this->dbName = ''; $this->dbPass = ''; $this->dbUserTable = ''; $this->dbSchoolTable = ''; } function registerUser($userName, $userPass) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "INSERT INTO $this->dbUserTable VALUES (NULL, \"$userName\", \"$userPass\")"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $this->userID = mysql_insert_id(); } mysql_close($dbLink); $this->userName = $userName; $this->userPass = $userPass; } function registerSchool($schoolName) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "INSERT INTO $this->dbSchoolTable VALUES (NULL, \"$schoolName\")"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $this->schoolID = mysql_insert_id(); } mysql_close($dbLink); $this->schoolName = $schoolName; } function userLogin() { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "SELECT * FROM $this->dbUserTable WHERE userName = \"$this->userName\" AND userPass = \"$this->userPass\" LIMIT 1"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { while($row = mysql_fetch_array($result)) { session_start(); $_SESSION['userID'] = $row['userID']; session_write_close(); } } mysql_close($dbLink); } function changePass($newPass) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "SELECT * FROM $this->dbUserTable WHERE userName = \"$this->userName\" LIMIT 1"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $query = "UPDATE $this->dbUserTable SET userPass = \"$newPass\" WHERE userName = \"$this->userName\""; $result = mysql_query($query); if(!$result) { echo "Fail"; } else { $this->userPass = $newPass; } } mysql_close($dbLink); } } ?> try { $sql = "SELECT StudentID,CourseID FROM student,course WHERE StudentID =" . $_POST['sid'] AND CourseID =".$_POST['cid'] ; //-----> error line $query = mysql_query($sql) or trigger_error('MySQL error: ' . mysql_error()); if (mysql_num_rows($query) > 0) { throw new Exception('StudentID already taken'); } } NB: basicaly im inserting data into a table from another two table field. will this code check if value is null Code: [Select] if($_SESSION["cart"] != null) can someone check if what the problem with my code Code: [Select] $avatar2 = mysql_query("SELECT `users`.`imagelocation' FROM `users` `forum_replies` WHERE `users`.`id`= `forum_replies`.`uid`")or die(mysql_error()); I wish to use the code from the following page that can be used to check if an uploaded image is an animated GIF: http://stackoverflow.com/questions/280658/can-i-detect-animated-gifs-using-php-and-gd Here is the function: function is_ani($filename) { if(!($fh = @fopen($filename, 'rb'))) return false; $count = 0; //an animated gif contains multiple "frames", with each frame having a //header made up of: // * a static 4-byte sequence (\x00\x21\xF9\x04) // * 4 variable bytes // * a static 2-byte sequence (\x00\x2C) // We read through the file til we reach the end of the file, or we've found // at least 2 frame headers while(!feof($fh) && $count < 2) $chunk = fread($fh, 1024 * 100); //read 100kb at a time $count += preg_match_all('#\x00\x21\xF9\x04.{4}\x00\x2C#s', $chunk, $matches); fclose($fh); return $count > 1; } Am I right in saying that there are curly brackets missing after the while line? The indenting indicates that both of the 2 following lines should be included in the while loop, but the lack of curly brackets mean that only the line beginning with $chunk is included in the loop. The code actually seems to work with and without the curly brackets. Does anyone understand this code well enough to know whether or not the curly brackets should be included? Thanks in advance. I am writing a code using jquery in a php page to check the username availabiltiy,but getting error ie every time username is available is the message i am getting. the code is $(document).ready(function() { $("#username").blur(function() { //remove all the class add the messagebox classes and start fading $("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow"); //check the username exists or not from ajax //$.post("themes/user_availability.php",{ username:$(this).val() } ,function(data) $.post("themes/user_availability.php",{username:$(this).val() } ,function(data) { if(data=="no") //if username not avaiable { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1); }); } if(data=="yes") { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1); }); } }); }); }); php file user_availability.php <?php $login=$_POST['username']; $sql="select username from web_payregister where username='$login'"; $result=mysql_query($sql); if(mysql_num_rows($result)>0){ echo "no"; }else{ echo "yes"; } ?> This is what I have for the form (in short version) along with the text area and submit button. The form shows up OK on the Internet http://www.lakegenevapieco.com/test_product_list.php The problem is when I fill it out & submit it doesn't do two things: 1) It doesn't E-Mail me the information 2) It doesn't say, Thank you for using our mail form. It actually says page not available. Here is the code: <html> <head> <meta http-equiv="Content-Language" content="en-us"> <title>Products to be listed on the web site for the month of</title> </head> <body> Products to be listed on the web site for the month of <select size="1" name="MONTH"> <option selected>PICK MONTH</option> <option>1-JANUARY</option> <option>2-FEBUARY</option> <option>3-MARCH</option> <option>4-APRIL</option> <option>5-MAY</option> <option>6-JUNE</option> <option>7-JULY</option> <option>8-AUGUST</option> <option>9-SEPTEMBER</option> <option>10-OCTOBER</option> <option>11-NOVEMBER</option> <option>12-DECEMBER</option> </select> <select size="1" name="YEAR"> <option selected>PICK YEAR</option> <option>2010</option> <option>2011</option> <option>2012</option> <option>2013</option> <option>2014</option> <option>2015</option> </select></p> <p><input type="checkbox" name="PumpkinSB" value="ON"> Pumpkin Price increase to <input type="text" name="PriceIncreaseTo151" size="20" value="$"></p> <p><input type="checkbox" name="PumpkinWalnutSB" value="ON"> Pumpkin Walnut Price increase to <input type="text" name="PriceIncreaseTo152" size="20" value="$"></p> <p><input type="checkbox" name="RaspberrySB" value="ON"> Raspberry Price increase to <input type="text" name="PriceIncreaseTo153" size="20" value="$"></p> <p> </p> <p> </p> <p> <?php function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field=filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if(filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_REQUEST['email'])) {//if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['email']); if ($mailcheck==FALSE) { echo "Invalid input"; } else {//send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail("myemail@mia.net", "Subject: $subject", $message, "From: $email" ); echo "Thank you for using our mail form"; } } else {//if "email" is not filled out, display the form echo "<form method='post' action='mailform.php'> Email: <input name='email' type='text' /><br /> Subject: <input name='subject' type='text' /><br /> Message:<br /> <textarea name='message' rows='15' cols='40'> </textarea><br /> <input type='submit' /> </form>"; } ?> </p> </form> </body> </html> When I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=306339.0 how to update the record of one table in which condition is that the it should similar to the other table feild only. e.g field of table1 will update only when the feild1 of table1 is equal to field2 of table2 in php?? while im using following command mysql_select_db("db1",$con); $query = "SELECT table2.feild1 , table2.feild1 " . "FROM table2, table1 " . "WHERE table1.feild2 = table2.feild1 "; $data = mysql_query($query) or die(mysql_error()); $sql="UPDATE table2 SET feild2='$_POST[value2]', feild3='$_POST[value3]' WHERE table1.feild2 = $data "; Good day friends, please i am still an upcoming developer please could you help me check if this contact form code is secured from hackers. Thanks
<?php <?php session_start( ); include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" ); include_once( _ABSPATH_."/inc/func/header.php" ); if ( $_GET["f"] == "login" ) { $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) ); $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) ); $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) ); if ( $r_0 == $r_1 ) { $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" ); $val = mysql_fetch_array( $result ); if ( !$val["password"] ) { $loginfail = 1; } else { if ( $val[password] === md5( $_POST["password"] ) ) { $_SESSION['admin'] = $adminuser; header( "Location: ./" ); exit( ); } $loginfail = 1; } } else { $loginfail = 2; } } $page_title = l( "Administration Login" )." | ".get_sitename( ); $smarty->assign( "page_title", $page_title ); $smarty->assign( "loginfail", $loginfail ); $smarty->display( "mgt/login.tpl" ); ?> i want a code in php to check if user open this pageĀ Hi Guys What code would you use to check that a form field does not exceed 100 characters? Thanks for any help. I am new to PHP and learning as I go I am stuck with a piece of code that I am trying to change. I have a php application that has tickboxes in and some are checked as standard. I want to change the tick box setting to be unchecked as standard. Here is the code. <label><input type="checkbox" name="notify" value="1" <?php echo (!isset($_SESSION['as_notify']) || !empty($_SESSION['as_notify'])) ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['seno']; ?></label><br /> I have tried everything I know but since I do not know that much I have been unable to change the standard. I am sure it is something small that I am overlooking. Anyone out there know what I am doing wrong? I found the code below which checks to make sure something the user entered into a text field is an actual URL. I am looking to confirm that something a user enters is an actual link to an IMAGE, so does anyone know how I could adjust this code below to do that? Basically, this code below would accept http://monkeys.com AND http://monkeys.com/images/monkey.jpg. I want to alter the code so that http://monkeys.com would NOT be accepted since it's not an image. Essentially, I want to make sure whatever the user enters ends with .jpg, .gif or .png. Anyone know how to do this? Code: [Select] url": { "regex": /^(https?|ftp):\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?(((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.?)(:\d*)?)(\/((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)?)?(\?((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|[\uE000-\uF8FF]|\/|\?)*)?(\#((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|\/|\?)*)?$/, "alertText": "* Invalid URL" } |